NRECA CEO Jim Matheson told U.S. senators examining cybersecurity that the electric power sector is well prepared to combat cyber threats, but said the federal government should pursue greater R&D for small and medium-sized utilities and improve information sharing to bolster the industry’s cyber defense.
“Protecting the electric grid from threats that could affect national security and public safety is a responsibility shared by both the government and the electric power sector,” Matheson told the Senate Energy and Natural Resources Committee at a March 1 hearing.
“Maintaining the resilience and security of the electric grid requires a flexible approach that draws on a variety of resources and options. As threats and threat actors continue to evolve, so must government and industry’s capability to defend against them.”
Matheson outlined ongoing cybersecurity measures by the electric sector, including participation in federal exercises such as the Department of Energy’s Clear Path and the North American Electric Reliability Corp.’s GridEx.
“The possibility of a cybersecurity attack impacting grid operations is something for which the electric sector has been preparing for years,” he said.
Matheson pointed to the Rural Cooperative Cybersecurity Capabilities Program, or RC3, a cost-shared partnership between DOE and NRECA that has provided cybersecurity assessment and training to more than 150 member co-ops and developed resources for small and mid-sized utilities.
“It’s really a toolbox of different options they can use to identify vulnerabilities and risks and share best practices with each other,” Matheson said in response to a question by Sen. Joe Manchin, D-W.Va., about which cybersecurity efforts are working.
RC3 also involves a continuous improvement process. “We all know wherever we are today, we’ve got to get better by tomorrow,” said Matheson.
He agreed that America’s electric cooperatives face diverse circumstances when it comes to protecting against cyberthreats.
“We try to create a peer-to-peer relationships where co-ops can compare, consolidate and share assets,” said Matheson. “We have a really coordinated effort to make sure we are sharing best practices with each other to take on the cybersecurity threat.” Source: Cathy Cash, NRECA